ComboFix 10-01-04.01 - [name] 08.01.2010 23:28:26.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.1014.672 [GMT 1:00]
Kjører fra: c:\documents and settings\[name]\Skrivebord\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
Infisert kopi av c:\windows\system32\DRIVERS\atapi.sys ble funnet og desinfisert
Gjenopprettet kopi fra - Kitty ate it :p
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-12-08 til 2010-01-08 )))))))))))))))))))))))))))))))))
.
2010-01-08 21:58 . 2010-01-08 21:58    --------    d-----w-    c:\documents and settings\[name]\Programdata\Malwarebytes
2010-01-08 21:58 . 2010-01-07 15:07    38224       ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-08 21:58 . 2010-01-08 21:58    --------    d-----w-    c:\documents and settings\All Users\Programdata\Malwarebytes
2010-01-08 21:58 . 2010-01-08 21:58    --------    d-----w-    c:\programfiler\Malwarebytes' Anti-Malware
2010-01-08 21:58 . 2010-01-07 15:07    19160       ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-01-08 20:04 . 2010-01-08 20:10    --------    d-----w-    C:\$AVG
2010-01-08 20:04 . 2010-01-08 20:04    12464       ----a-w-    c:\windows\system32\avgrsstx.dll
2010-01-08 20:04 . 2010-01-08 20:04    360584      ----a-w-    c:\windows\system32\drivers\avgtdix.sys
2010-01-08 20:04 . 2010-01-08 20:04    333192      ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2010-01-08 20:04 . 2010-01-08 20:04    28424       ----a-w-    c:\windows\system32\drivers\avgmfx86.sys
2010-01-08 20:04 . 2010-01-08 20:04    --------    d-----w-    c:\windows\system32\drivers\Avg
2010-01-08 20:04 . 2010-01-08 20:04    --------    d-----w-    c:\programfiler\AVG
2010-01-08 20:04 . 2010-01-08 21:37    --------    d-----w-    c:\documents and settings\All Users\Programdata\avg9
2010-01-08 19:42 . 2010-01-08 19:42    --------    d-----w-    c:\programfiler\uTorrent
2010-01-08 19:42 . 2010-01-08 22:26    --------    d-----w-    c:\documents and settings\[name]\Programdata\uTorrent
2010-01-08 18:42 . 2010-01-08 21:54    --------    d-----w-    c:\programfiler\iPod Access for Windows
2010-01-08 18:40 . 2008-04-13 18:45    26368       -c--a-w-    c:\windows\system32\dllcache\usbstor.sys
2010-01-08 18:39 . 2001-10-06 12:36    12160       -c--a-w-    c:\windows\system32\dllcache\mouhid.sys
2010-01-08 18:39 . 2001-10-06 12:36    12160       ----a-w-    c:\windows\system32\drivers\mouhid.sys
2010-01-08 18:39 . 2008-04-13 18:45    10368       -c--a-w-    c:\windows\system32\dllcache\hidusb.sys
2010-01-08 18:39 . 2008-04-13 18:45    10368       ----a-w-    c:\windows\system32\drivers\hidusb.sys
2010-01-08 18:38 . 2008-04-13 18:45    143872      -c--a-w-    c:\windows\system32\dllcache\usbport.sys
2010-01-08 18:38 . 2008-04-13 18:45    143872      ----a-w-    c:\windows\system32\drivers\usbport.sys
2010-01-08 18:22 . 2010-01-08 18:22    --------    d-sh--w-    c:\windows\system32\config\systemprofile\IETldCache
2010-01-08 18:00 . 2010-01-08 18:00    --------    d-----w-    c:\windows\l2schemas
2010-01-08 18:00 . 2010-01-08 18:00    --------    d-----w-    c:\windows\system32\no
2010-01-08 18:00 . 2010-01-08 18:00    --------    d-----w-    c:\windows\system32\bits
2010-01-08 17:44 . 2010-01-08 17:44    --------    d-sh--w-    c:\documents and settings\[name]\PrivacIE
2010-01-08 17:25 . 2010-01-08 17:25    --------    d-----w-    c:\documents and settings\[name]\Programdata\TeamViewer
2010-01-08 17:25 . 2010-01-08 17:25    --------    d-----w-    c:\documents and settings\[name]\temp
2010-01-08 17:12 . 2010-01-08 22:24    --------    d-----w-    c:\documents and settings\[name]\Tracing
2010-01-08 17:11 . 2010-01-08 17:11    --------    d-----w-    c:\programfiler\Microsoft
2010-01-08 17:11 . 2010-01-08 17:11    --------    d-----w-    c:\programfiler\Windows Live SkyDrive
2010-01-08 17:11 . 2010-01-08 17:12    --------    d-----w-    c:\programfiler\Windows Live
2010-01-08 16:53 . 2010-01-08 16:53    --------    d-----w-    c:\programfiler\Fellesfiler\Windows Live
2010-01-08 16:51 . 2010-01-08 17:50    --------    d-----w-    c:\windows\EHome
2010-01-07 10:27 . 2010-01-07 10:27    --------    d-sh--w-    c:\documents and settings\[name]\IETldCache
2010-01-07 10:25 . 2009-10-29 07:45    12800       -c----w-    c:\windows\system32\dllcache\xpshims.dll
2010-01-07 10:25 . 2009-10-29 07:45    594432      -c----w-    c:\windows\system32\dllcache\msfeeds.dll
2010-01-07 10:25 . 2009-10-29 07:45    55296       -c----w-    c:\windows\system32\dllcache\msfeedsbs.dll
2010-01-07 10:25 . 2009-10-29 07:45    1985536     -c----w-    c:\windows\system32\dllcache\iertutil.dll
2010-01-07 10:25 . 2009-10-29 07:45    246272      -c----w-    c:\windows\system32\dllcache\ieproxy.dll
2010-01-07 10:25 . 2009-10-29 07:45    11069952    -c----w-    c:\windows\system32\dllcache\ieframe.dll
2010-01-07 10:25 . 2010-01-07 10:25    --------    d-----w-    c:\windows\ie8updates
2010-01-07 10:24 . 2009-10-02 04:44    92160       -c----w-    c:\windows\system32\dllcache\iecompat.dll
2010-01-07 10:23 . 2010-01-08 18:00    --------    d-----w-    c:\windows\system32\nb-NO
2010-01-07 10:23 . 2010-01-07 10:24    --------    dc-h--w-    c:\windows\ie8
2010-01-07 10:11 . 2010-01-07 10:11    --------    d-----w-    c:\windows\ServicePackFiles
2010-01-07 09:50 . 2010-01-08 18:53    --------    d-----w-    c:\documents and settings\[name]\Programdata\Apple Computer
2010-01-07 09:49 . 2009-05-18 13:17    26600       ----a-w-    c:\windows\system32\drivers\GEARAspiWDM.sys
2010-01-07 09:49 . 2008-04-17 12:12    107368      ----a-w-    c:\windows\system32\GEARAspi.dll
2010-01-07 09:48 . 2010-01-07 09:48    --------    d-----w-    c:\programfiler\iPod
2010-01-07 09:48 . 2010-01-07 09:49    --------    d-----w-    c:\programfiler\iTunes
2010-01-07 09:48 . 2010-01-07 09:49    --------    d-----w-    c:\documents and settings\All Users\Programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-07 09:48 . 2010-01-07 09:48    --------    d-----w-    c:\programfiler\Bonjour
2010-01-07 09:47 . 2010-01-07 09:48    --------    d-----w-    c:\programfiler\QuickTime
2010-01-07 09:47 . 2010-01-07 09:48    --------    d-----w-    c:\documents and settings\All Users\Programdata\Apple Computer
2010-01-07 09:47 . 2010-01-07 09:47    --------    d-----w-    c:\documents and settings\[name]\Lokale innstillinger\Programdata\Apple
2010-01-07 09:47 . 2010-01-07 09:47    --------    d-----w-    c:\programfiler\Apple Software Update
2010-01-07 09:46 . 2009-08-28 18:42    40448       ----a-w-    c:\windows\system32\drivers\usbaapl.sys
2010-01-07 09:46 . 2009-08-28 18:42    2065696     ----a-w-    c:\windows\system32\usbaaplrc.dll
2010-01-07 09:44 . 2004-08-03 21:41    1041536     ------w-    c:\windows\system32\drivers\hsfdpsp2.sys
2010-01-07 09:44 . 2004-08-03 21:41    685056      ------w-    c:\windows\system32\drivers\hsfcxts2.sys
2010-01-07 09:44 . 2004-08-03 21:41    220032      ------w-    c:\windows\system32\drivers\hsfbs2s2.sys
2010-01-07 09:42 . 2010-01-08 18:49    --------    d-----w-    c:\documents and settings\[name]\Lokale innstillinger\Programdata\Apple Computer
2010-01-07 09:33 . 2008-06-14 17:36    272256      -c----w-    c:\windows\system32\dllcache\bthport.sys
2010-01-07 09:33 . 2008-06-14 17:36    272256      ------w-    c:\windows\system32\drivers\bthport.sys
2010-01-07 09:33 . 2010-01-07 09:33    --------    d-----w-    c:\programfiler\CCleaner
2010-01-07 09:31 . 2008-10-24 11:21    455296      -c----w-    c:\windows\system32\dllcache\mrxsmb.sys
2010-01-07 09:31 . 2008-12-11 10:57    333952      -c----w-    c:\windows\system32\dllcache\srv.sys
2010-01-07 09:31 . 2009-07-10 13:31    1315328     -c----w-    c:\windows\system32\dllcache\msoe.dll
2010-01-07 09:31 . 2008-04-11 19:06    691712      -c----w-    c:\windows\system32\dllcache\inetcomm.dll
2010-01-07 09:30 . 2008-10-15 16:38    337408      -c----w-    c:\windows\system32\dllcache\netapi32.dll
2010-01-07 09:30 . 2008-04-21 21:16    217088      -c----w-    c:\windows\system32\dllcache\wordpad.exe
2010-01-07 09:29 . 2010-01-07 09:29    --------    d-----w-    c:\programfiler\CONEXANT
2010-01-07 09:26 . 2010-01-07 09:26    --------    d-----w-    c:\documents and settings\[name]\Lokale innstillinger\Programdata\Temp
2010-01-07 09:26 . 2010-01-07 09:26    --------    d-----w-    c:\documents and settings\[name]\Lokale innstillinger\Programdata\Google
2010-01-07 09:24 . 2009-01-07 17:21    26144       ----a-w-    c:\windows\system32\spupdsvc.exe
2010-01-07 09:24 . 2010-01-08 18:39    --------    d--h--w-    c:\windows\$hf_mig$
2010-01-07 09:22 . 2010-01-07 09:22    --------    d-sh--w-    c:\documents and settings\[name]\UserData
2010-01-07 09:10 . 2007-03-30 18:58    172032      ----a-w-    c:\windows\system32\igfxres.dll
2010-01-07 09:06 . 2007-05-10 09:22    405504      ----a-w-    c:\windows\stsystra.exe
2010-01-07 09:06 . 2007-04-10 16:02    1601536     ----a-w-    c:\windows\system32\stlang.dll
2010-01-07 09:06 . 2008-04-14 16:22    4096        ----a-w-    c:\windows\system32\ksuser.dll
2010-01-07 09:06 . 2008-04-13 18:45    60160       ----a-w-    c:\windows\system32\drivers\drmk.sys
2010-01-07 09:05 . 2007-08-21 08:58    146944      ----a-w-    c:\windows\system32\st325602.dll
2010-01-07 09:05 . 2007-05-10 09:24    1222840     ----a-w-    c:\windows\system32\drivers\sthda.sys
2010-01-07 09:05 . 2007-05-10 09:23    270336      ----a-w-    c:\windows\system32\stacapi.dll
2010-01-07 09:05 . 2010-01-07 09:06    --------    d-----w-    c:\programfiler\SigmaTel
2010-01-07 09:05 . 2010-01-07 09:05    --------    d--h--w-    c:\programfiler\InstallShield Installation Information
2010-01-07 09:05 . 2010-01-07 09:05    --------    d-----w-    c:\programfiler\Fellesfiler\InstallShield
2010-01-07 09:04 . 2010-01-07 09:04    --------    d-----w-    c:\documents and settings\NetworkService\Programdata\Intel
2010-01-07 09:04 . 2010-01-07 09:04    --------    d-----w-    c:\documents and settings\[name]\Programdata\Intel
2010-01-07 09:04 . 2010-01-07 09:04    --------    d-----w-    c:\documents and settings\LocalService\Programdata\Intel
2010-01-07 09:04 . 2010-01-07 09:04    --------    d-----w-    c:\documents and settings\Default User\Programdata\Intel
2010-01-07 09:04 . 2010-01-07 09:16    376832      ----a-w-    c:\windows\system32\AegisI5Installer.exe
2010-01-07 09:04 . 2010-01-07 09:04    --------    d-----w-    c:\windows\system32\config\systemprofile\Programdata\Intel
2010-01-07 09:04 . 2010-01-07 09:04    --------    d-----w-    c:\documents and settings\All Users\Programdata\Intel
2010-01-07 09:03 . 2007-09-26 05:01    2236032     ----a-w-    c:\windows\system32\drivers\NETw4x32.sys
2010-01-07 09:00 . 2010-01-07 09:00    --------    d-----w-    C:\dell
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-08 21:14 . 2010-01-07 09:43    --------    d-----w-    c:\documents and settings\[name]\Programdata\Spotify
2010-01-08 18:52 . 2010-01-06 14:35    13688       ----a-w-    c:\documents and settings\[name]\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT
2010-01-08 18:24 . 2004-08-04 12:00    46522       ----a-w-    c:\windows\system32\perfc014.dat
2010-01-08 18:24 . 2004-08-04 12:00    319198      ----a-w-    c:\windows\system32\perfh014.dat
2010-01-08 18:02 . 2010-01-06 14:28    76487       ----a-w-    c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-07 09:48 . 2010-01-07 09:43    --------    d-----w-    c:\programfiler\Fellesfiler\Apple
2010-01-07 09:43 . 2010-01-07 09:43    --------    d-----w-    c:\documents and settings\All Users\Programdata\Apple
2010-01-07 09:43 . 2010-01-07 09:43    --------    d-----w-    c:\programfiler\Spotify
2010-01-07 09:03 . 2010-01-07 09:00    --------    d-----w-    c:\programfiler\Intel
2010-01-07 09:02 . 2010-01-07 09:02    --------    d-----w-    c:\programfiler\Broadcom
2010-01-07 09:02 . 2010-01-07 09:02    --------    d-----w-    c:\programfiler\DIFX
2010-01-06 14:29 . 2010-01-06 14:29    --------    d-----w-    c:\programfiler\microsoft frontpage
2010-01-06 14:27 . 2010-01-06 14:27    --------    d-----w-    c:\programfiler\Elektroniske tjenester
2010-01-06 14:26 . 2010-01-06 14:26    --------    d-----w-    c:\programfiler\Fellesfiler\Tjenester
2010-01-06 14:25 . 2010-01-06 14:25    21704       ----a-w-    c:\windows\system32\emptyregdb.dat
2009-11-12 16:07 . 2009-11-12 16:07    79144       ----a-w-    c:\documents and settings\All Users\Programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-29 07:45 . 2004-08-04 12:00    916480      ----a-w-    c:\windows\system32\wininet.dll
2009-10-21 05:41 . 2004-08-04 12:00    75776       ----a-w-    c:\windows\system32\strmfilt.dll
2009-10-21 05:41 . 2004-08-04 12:00    25088       ----a-w-    c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 12:00    265728      ----a-w-    c:\windows\system32\drivers\http.sys
2009-10-13 10:38 . 2004-08-04 12:00    270848      ----a-w-    c:\windows\system32\oakley.dll
2009-10-12 13:40 . 2004-08-04 12:00    79872       ----a-w-    c:\windows\system32\raschap.dll
2009-10-12 13:40 . 2004-08-04 12:00    149504      ----a-w-    c:\windows\system32\rastls.dll
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\programfiler\Messenger\msmsgs.exe" [2008-04-14 1695232]
"uTorrent"="c:\programfiler\uTorrent\uTorrent.exe" [2010-01-08 284466]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"QuickTime Task"="c:\programfiler\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-08 2033432]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-01-08 20:04    12464    ----a-w-    c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-01-07 09:26    135664    ----atw-    c:\documents and settings\[name]\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-05-10 09:22    405504    ----a-w-    c:\programfiler\SigmaTel\C-Major Audio\WDM\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Spotify\\spotify.exe"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"c:\\Programfiler\\iTunes\\iTunes.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\uTorrent\\uTorrent.exe"=
"c:\\Programfiler\\AVG\\AVG9\\avgemc.exe"=
"c:\\Programfiler\\AVG\\AVG9\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [08.01.2010 21:04 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [08.01.2010 21:04 360584]
R2 avg9emc;AVG Free E-mail Scanner;c:\programfiler\AVG\AVG9\avgemc.exe [08.01.2010 21:04 906520]
R2 avg9wd;AVG Free WatchDog;c:\programfiler\AVG\AVG9\avgwdsvc.exe [08.01.2010 21:04 285392]
R3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [07.01.2010 10:46 40448]
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2010-01-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1532298954-725345543-1004Core.job
- c:\documents and settings\[name]\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe [2010-01-07 09:26]

2010-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1532298954-725345543-1004UA.job
- c:\documents and settings\[name]\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe [2010-01-07 09:26]
.
.
------- Tilleggsskanning -------
.
uInternet Settings,ProxyOverride = *.local
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-08 23:34
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'explorer.exe'(568)
c:\windows\system32\webcheck.dll
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\programfiler\AVG\AVG9\avgchsvx.exe
c:\programfiler\AVG\AVG9\avgrsx.exe
c:\programfiler\AVG\AVG9\avgcsrvx.exe
c:\programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programfiler\Bonjour\mDNSResponder.exe
c:\programfiler\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\igfxsrvc.exe
c:\programfiler\iPod\bin\iPodService.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2010-01-08 23:37:48 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2010-01-08 22:37

Pre-Run: 78 443 790 336 byte ledig
Post-Run: 78 711 562 240 byte ledig

- - End Of File - - 2322FFFC16DB8E1F71C43E1222BAFAA2